[Owasp-leaders] TRAINING

Tom Brennan - OWASP tomb at owasp.org
Tue Apr 12 02:16:46 UTC 2016


Since OWASP is AGILE the minimum viable product (MVP) is now LIVE.

https://www.owasp.org/index.php/Education/Free_Training  note the update
and link to the new page

With a desire, materials and delivery tool now in place and operational,
next is a small team who want to experiment

I might suggest that the requirements are

a) OWASP Project
b) OWASP Training that is with open-materials only

If you can meet those requirements you can unlock and use the tool

On this thread we touched on APPSEC Events and charging for training....
well here is my 2 cents on that.  At Global AppSec events, local events and
even chapter trainings we have seen people deliver training with a 60/40
split. So for those that are looking at the elephant in the room (money)
and asking how can this scale...   That same could be TRUE for training at
OWASP in the FUTURE as a FREE value to members delivered by live
instructors OR a cost as example $50usd (annual membership) to others.
Another item would be to have project leaders provide project training for
their project if we are collecting the metrics from visitors of who would
like a training class.

For now, we just need to put a few OWASP'ers together that really desire *to
raise visibility for software security* and sprint on it... sprint 2 and 3
would refine it and implement a workflow to manage it and if wildly
successful and we need an administrator to administrate all the extra work
it creates, then OWASP can hire that person... and make a more useful OWASP
Foundation to the WORLD outside the forest.

Brennan




On Sun, Apr 10, 2016 at 12:30 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
>
> >>First, do we want to do a training platform as we do at the
conferences? This would be easier, as OWASP would be facilitator, less
overhead.
>
> Agree. It's about providing a platform to educate about security. We do
not need to provide certificates or scores, but I think some automated
tests for people to evaluate their knowledge is a nice to have.
>
> >>Another though,  do we want to risk becoming a competitor with
sponsoring  organisations?
> Definitely not and given the actual resources, we cannot even aspire to
compete, but we can provide some free training materials on subjects such
as how to secure applications in a given language for example. Think of a
format like 'coursera' without the certificate but with the ability to
provide tests and interactive materials. This is possible in the
GoToTraining platform.That is the cool aspect of this platform.
>
> >> it is OWASP provided trainings‎, this is more complicated and I doubt
is OWASP is ready / mature enough doing so. More overhead and dedicated
resources needed.
>
> This is a concerning point. So far I understood, the GoTraining platform
was acquired as a 'pilot' project to experiment with trainings. It has no
clear execution plan behind. To work without clear objectives to reach a
goal , the chances are high that it wont succeed. I think we are trying to
launch way too often initiatives without an execution plan, and this is , a
waste of time and resources if we keep on doing this.
>
> @Eoin
>
> >>I'm Certainly happy to train new trainers..I'm sure others are also..
This initiative shall require funding and coordination.
>
> Agree. If I set a plan to:
>
> Set a group of experienced trainers and group of rookie trainers willing
to commit
> Create a list of tasks on how can the experienced ones train rookies
> Create a list of courses that rookies and experience trainers are willing
to provide
> Set a budget that will support these activities
> Submit this for approval to the board
>
> End results goals:
>
> A series of training materials similar to coursera or khan academy,
interactive and high quality into the GoTraining platform
> A series of training materials that could be also be provided during
appsec training but with our own team of trainers.
> 100% owasp produced materials
>
> If you (Eoin and others experienced trainers) are willing to stand behind
this plan, I"ll be very glad to help coordinate it and ask for a budget and
approval.
>
> Cheers
>
> Johanna
>
>
>
>
> On Sun, Apr 10, 2016 at 10:53 AM, Martin Knobloch <
martin.knobloch at owasp.org> wrote:
>>
>> ‎All,
>>
>> In my life, the problem is bigger than that.
>> First, do we want to do a training platform as we do at the conferences?
This would be easier, as OWASP would be facilitator, less overhead.
>> Kate has proposed this years ago. Problem is keeping scores and
evaluations. Questions able what info to share publicly and what not.
>>
>> If it is OWASP provided trainings‎, this is more complicated and I doubt
is OWASP is ready / mature enough doing so. More overhead and dedicated
resources needed.
>> Another though,  do we want to risk becoming a competitor with
sponsoring  organisations?
>>
>> -martin
>>
>>
>>
>> From: Eoin Keary
>> Sent: zondag 10 april 2016 15:51
>> To: johanna curiel curiel
>> Cc: owasp-leaders at lists.owasp.org
>> Subject: Re: [Owasp-leaders] TRAINING
>>
>> I'm Certainly happy to train new trainers.
>> I'm sure others are also.
>> This initiative shall require funding and coordination.
>>
>> When we deliver free training a novice trainer also  delivers alongside
the experienced instructor.  SANS for example do similar to this.  I did
this also many years ago to develop internal champions for a global Corp.
it works.
>>
>>
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>>
>>
>>
>> On 9 Apr 2016, at 19:24, johanna curiel curiel <johanna.curiel at owasp.org>
wrote:
>>
>> Eoin
>>
>> So, the first step is to get those 'experience trainers' 'train' the
'rookie-trainers'
>>
>> If this is the case we will need:
>>
>> Experienced Trainers willing to provide training
>> Create a format on how to deliver quality training
>>
>>
>> Are you willing to help the rookies?
>>
>> If this is the case then the Experienced ones needs to provide training
to the rookies
>> Experienced ones can provide training through the GoTraining platform
>>
>> My questions to those experience ones:
>> Who is willing to volunteer?
>> If you are experience and want to help, please respond to this email
with 'I do'.
>>
>> If we have no experienced trainers willing to help , then rookies will
have to look for other alternatives
>>
>> Otherwise people, we `keep on suggesting  initiatives that leads to no
where...
>>
>>
>>
>> On Sat, Apr 9, 2016 at 11:11 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>> I suggested this before....but a train the trainer programme delivered
by experienced trainers could grow the free training capability and quality
of OWASP.
>>>
>>>
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>>
>>>
>>>
>>> On 9 Apr 2016, at 02:56, John Patrick Lita <john.patrick.lita at owasp.org>
wrote:
>>>
>>> Hi Tom
>>>
>>> This is very useful for those who cannot attend the AppSec Conference,
but creating an online training is a very challenging and need a lot of
time :) if we can have a Practical Training and Management training that
would be great! technical Track and management tracks.
>>>
>>> let try to make 5-10 training videos and lets see what is the feedback.
>>>
>>> On Fri, Apr 8, 2016 at 11:52 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
>>>>
>>>> Hi Tom
>>>>
>>>> A week ago I had contact with Kate regarding creating a training inn
the OWASP GoTraining platform.
>>>>
>>>> We exchanged some emails, however I'm awaiting access to the Training
platform since a week ago.
>>>>
>>>> How can we make sure that volunteers can actually make use of
resources if available in order to move forward with these plans?
>>>>
>>>> Cheers
>>>>
>>>> Johanna
>>>>
>>>> On Fri, Apr 8, 2016 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org>
wrote:
>>>>>
>>>>> There's been discussion around training programs aligned with
strategic goals https://www.owasp.org/index.php/OWASP_Strategic_Goals
locally and globally.
>>>>>
>>>>> There are multiple data inputs that influence a investment in this
area.
>>>>>
>>>>> Please take two minutes and answer the following short
multiple-choice survey to capture anonymous metric data to assist further
in this process
>>>>>
>>>>> Survey
>>>>> http://goo.gl/forms/nPzqACi0e9 <--- Google survey link
>>>>>
>>>>> Thank you in advance.
>>>>>
>>>>> Additional training references
>>>>> https://www.owasp.org/index.php/OWASP_Training
>>>>>
>>>>> https://www.owasp.org/index.php/Education/Free_Training
>>>>>
>>>>> https://www.owasp.org/index.php/Category:OWASP_Video
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> The information contained in this message and any attachments may be
privileged, confidential, proprietary or otherwise protected from
disclosure. If you, the reader of this message, are not the intended
recipient, you are hereby notified that any dissemination, distribution,
copying or use of this message and any attachment is strictly prohibited.
If you have received this message in error, please notify the sender
immediately by replying to the message, permanently delete it from your
computer and destroy any printout.
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>
>>>
>>>
>>> --
>>> Best Regrads
>>> John Patrick Lita
>>> InfoSec Consultant | Instructor | Chapter Leader OWASP Manila
>>> FB Page @OwaspManila
>>> https://www.owasp.org/index.php/Manila
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>>
>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>

-- 
The information contained in this message and any attachments may be 
privileged, confidential, proprietary or otherwise protected from 
disclosure. If you, the reader of this message, are not the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying or use of this message and any attachment is strictly prohibited. 
If you have received this message in error, please notify the sender 
immediately by replying to the message, permanently delete it from your 
computer and destroy any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160411/89438030/attachment-0001.html>


More information about the OWASP-Leaders mailing list